Where do the definitions come from?

  • Question

  • I have installed the Client without MOM.  If I check for updates, it says "Checking the internet".

    However this did not work as I found out it requires Windows Update to do this.  But since this is managed by WSUS, I had to download the defs from there.

    Now it's all updated, but I was wondering if it is really getting the defs from WSUS or the internet.  Is there any way to tell?

    Also, to manage the clients' config policies, will I need to install MOM?  Seems a bit overkill (SQL etc.)
    Monday, September 8, 2008 11:51 AM

All replies

  • Hi, If you take a look at c:\windows\windowsupdate.log it will show in there... it's not the simplest of logs, but will show the source of the update and what it's done

    If you see references to your WSUS server, it's internal; if you see entries referring to update.microsoft.com, it's coming via MU

    Hope this helps

    Chris
    Monday, September 8, 2008 10:26 PM
  • I have just run a Windows Update check and updated the defs.  This is what showed up in the log.  Is it getting it from the internet? How do I disable that and only have it from WSUS?

    Also the updates are not pushed; the user needs to manually tell it to install the updates.  Which is fine for Windows updates, but Forefront definitions need to be forced.  How do I set this up?


    2008-09-09    12:16:21:391    2116    db4    Misc    ===========  Logging initialized (build: 7.0.6001.18000, tz: +0100)  ===========
    2008-09-09    12:16:21:391    2116    db4    Misc      = Process: C:\Windows\system32\DllHost.exe
    2008-09-09    12:16:21:391    2116    db4    Misc      = Module: C:\Windows\system32\wuapi.dll
    2008-09-09    12:16:21:390    2116    db4    COMAPI    -------------
    2008-09-09    12:16:21:391    2116    db4    COMAPI    -- START --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2008-09-09    12:16:21:391    2116    db4    COMAPI    ---------
    2008-09-09    12:16:21:395     640    12c8    Agent    *************
    2008-09-09    12:16:21:395     640    12c8    Agent    ** START **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
    2008-09-09    12:16:21:395     640    12c8    Agent    *********
    2008-09-09    12:16:21:395     640    12c8    Agent      * Online = Yes; Ignore download priority = No
    2008-09-09    12:16:21:395    2116    db4    COMAPI    <<-- SUBMITTED -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2008-09-09    12:16:21:395     640    12c8    Agent      * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '0a487050-8b0f-4f81-b401-be4ceacd61cd') or (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b' and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486')"
    2008-09-09    12:16:21:396     640    12c8    Agent      * ServiceID = {00000000-0000-0000-0000-000000000000}
    2008-09-09    12:16:21:928     640    12c8    PT    +++++++++++  PT: Synchronizing server updates  +++++++++++
    2008-09-09    12:16:21:928     640    12c8    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://server/ClientWebService/client.asmx
    2008-09-09    12:16:22:665     640    12c8    Agent      * Found 0 updates and 15 categories in search; evaluated appl. rules of 149 out of 169 deployed entities
    2008-09-09    12:16:22:672     640    12c8    Agent    *********
    2008-09-09    12:16:22:672     640    12c8    Agent    **  END  **  Agent: Finding updates [CallerId = Microsoft Forefront Client Security]
    2008-09-09    12:16:22:672     640    12c8    Agent    *************
    2008-09-09    12:16:22:673    2116    13e8    COMAPI    >>--  RESUMED  -- COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2008-09-09    12:16:22:673    2116    13e8    COMAPI      - Updates found = 0
    2008-09-09    12:16:22:673    2116    13e8    COMAPI    ---------
    2008-09-09    12:16:22:673    2116    13e8    COMAPI    --  END  --  COMAPI: Search [ClientId = Microsoft Forefront Client Security]
    2008-09-09    12:16:22:673    2116    13e8    COMAPI    -------------
    2008-09-09    12:16:27:012     640    1328    AU    AU received approval from Ux for 1 updates
    2008-09-09    12:16:27:012     640    1328    AU    AU setting pending client directive to 'Progress Ux'
    2008-09-09    12:16:27:120     640    1328    AU    BeginInteractiveInstall invoked for Download
    2008-09-09    12:16:27:121     640    1328    AU    Auto-approving update for download, updateId = {BD316B9D-C132-493A-A09F-4AE455815A97}.100, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=1
    2008-09-09    12:16:27:121     640    1328    AU    Auto-approved 1 update(s) for download (for Ux)
    2008-09-09    12:16:27:121     640    1328    AU    UpdateDownloadProperties: 0 download(s) are still in progress.
    2008-09-09    12:16:27:121     640    1328    AU    #############
    2008-09-09    12:16:27:121     640    1328    AU    ## START ##  AU: Download updates
    2008-09-09    12:16:27:121     640    1328    AU    #########
    2008-09-09    12:16:27:121     640    1328    AU      # Approved updates = 1
    2008-09-09    12:16:27:133     640    1328    AU    AU initiated download, updateId = {BD316B9D-C132-493A-A09F-4AE455815A97}.100, callId = {BFA64C8E-AEDA-42FD-B741-642E1B456AAF}
    2008-09-09    12:16:27:133     640    1328    AU      # Pending download calls = 1
    2008-09-09    12:16:27:133     640    1328    AU    <<## SUBMITTED ## AU: Download updates
    2008-09-09    12:16:27:134     640    12c8    DnldMgr    *************
    2008-09-09    12:16:27:134     640    12c8    DnldMgr    ** START **  DnldMgr: Downloading updates [CallerId = AutomaticUpdates]
    2008-09-09    12:16:27:134     640    12c8    DnldMgr    *********
    2008-09-09    12:16:27:134     640    12c8    DnldMgr      * Call ID = {BFA64C8E-AEDA-42FD-B741-642E1B456AAF}
    2008-09-09    12:16:27:134     640    12c8    DnldMgr      * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 0, Proxy session id = 1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
    2008-09-09    12:16:27:134     640    12c8    DnldMgr      * Updates to download = 1
    2008-09-09    12:16:27:134     640    12c8    Agent      *   Title = Definition Update for Microsoft Forefront Client Security (Antimalware 1.43.219.0)
    2008-09-09    12:16:27:134     640    12c8    Agent      *   UpdateId = {BD316B9D-C132-493A-A09F-4AE455815A97}.100
    2008-09-09    12:16:27:134     640    12c8    Agent      *     Bundles 1 updates:
    2008-09-09    12:16:27:134     640    12c8    Agent      *       {608E02A5-B829-4FE9-B05B-A7DA16E9D81A}.100
    2008-09-09    12:16:27:136     640    12c8    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {608E02A5-B829-4FE9-B05B-A7DA16E9D81A}.100]  ***********
    2008-09-09    12:16:27:142     640    12c8    DnldMgr      * BITS job initialized, JobId = {AF117527-33D2-43C1-8C13-75F8B3650223}
    2008-09-09    12:16:27:142     640    12c8    DnldMgr    BITS job {AF117527-33D2-43C1-8C13-75F8B3650223} using proxy = server:8080, bypass = <local>
    2008-09-09    12:16:27:145     640    12c8    DnldMgr      * Downloading from http://www.download.windowsupdate.com/msdownload/update/software/defu/2008/09/mpam-d_ef342d83dc30ed422023e2e84a2f3506e89806c7.exe to C:\Windows\SoftwareDistribution\Download\834e697d462f68c6d114e7ae1e9600dc\ef342d83dc30ed422023e2e84a2f3506e89806c7 (full file).
    2008-09-09    12:16:27:149     640    12c8    Agent    *********
    2008-09-09    12:16:27:149     640    12c8    Agent    **  END  **  Agent: Downloading updates [CallerId = AutomaticUpdates]
    2008-09-09    12:16:27:149     640    12c8    Agent    *************
    2008-09-09    12:16:27:672     640    12c8    Report    REPORT EVENT: {44809C65-0152-4888-A530-7B7116F9FE02}    2008-09-09 12:16:22:672+0100    1    147    101    {00000000-0000-0000-0000-000000000000}    0    0    Microsoft Forefront Client Secu    Success    Software Synchronization    Windows Update Client successfully detected 0 updates.
    2008-09-09    12:16:27:672     640    12c8    Report    REPORT EVENT: {2B9148E0-2F4F-4367-8EE3-372421111750}    2008-09-09 12:16:22:672+0100    1    153    101    {00000000-0000-0000-0000-000000000000}    0    0    Microsoft Forefront Client Secu    Success    Pre-Deployment Check    Reporting client status.
    2008-09-09    12:16:30:462     640    1254    DnldMgr    BITS job {AF117527-33D2-43C1-8C13-75F8B3650223} completed successfully
    2008-09-09    12:16:30:490     640    1254    Misc    Validating signature for C:\Windows\SoftwareDistribution\Download\834e697d462f68c6d114e7ae1e9600dc\ef342d83dc30ed422023e2e84a2f3506e89806c7:
    2008-09-09    12:16:30:495     640    1254    Misc     Microsoft signed: Yes
    2008-09-09    12:16:30:497     640    1254    DnldMgr      Download job bytes total = 689216, bytes transferred = 689216
    2008-09-09    12:16:30:497     640    1254    DnldMgr    ***********  DnldMgr: New download job [UpdateId = {608E02A5-B829-4FE9-B05B-A7DA16E9D81A}.100]  ***********
    2008-09-09    12:16:30:505     640    1254    DnldMgr      * All files for update were already downloaded and are valid.
    2008-09-09    12:16:30:507     640    11c0    AU    >>##  RESUMED  ## AU: Download update [UpdateId = {BD316B9D-C132-493A-A09F-4AE455815A97}, succeeded]
    2008-09-09    12:16:30:508     640    11c0    AU    #########
    2008-09-09    12:16:30:508     640    11c0    AU    ##  END  ##  AU: Download updates
    2008-09-09    12:16:30:508     640    11c0    AU    #############
    2008-09-09    12:16:31:140     640    1328    AU    BeginInteractiveInstall invoked for Install
    2008-09-09    12:16:31:140     640    1328    AU    Auto-approving update for install, updateId = {BD316B9D-C132-493A-A09F-4AE455815A97}.100, ForUx=1, IsOwnerUx=1, HasDeadline=0, IsMinor=1
    2008-09-09    12:16:31:140     640    1328    AU    Auto-approved 1 update(s) for install (for Ux), installType=1
    2008-09-09    12:16:31:140     640    1328    AU    #############
    2008-09-09    12:16:31:140     640    1328    AU    ## START ##  AU: Install updates
    2008-09-09    12:16:31:140     640    1328    AU    #########
    2008-09-09    12:16:31:140     640    1328    AU      # Initiating manual install
    2008-09-09    12:16:31:140     640    1328    AU      # Approved updates = 1
    2008-09-09    12:16:31:141     640    1328    AU    <<## SUBMITTED ## AU: Install updates / installing updates [CallId = {F50FECC8-4B24-4154-9100-1DE824E2CEFE}]
    2008-09-09    12:16:31:141     640    ebc    Agent    *************
    2008-09-09    12:16:31:141     640    ebc    Agent    ** START **  Agent: Installing updates [CallerId = AutomaticUpdates]
    2008-09-09    12:16:31:141     640    ebc    Agent    *********
    2008-09-09    12:16:31:141     640    ebc    Agent      * Updates to install = 1
    2008-09-09    12:16:31:142     640    ebc    Agent      *   Title = Definition Update for Microsoft Forefront Client Security (Antimalware 1.43.219.0)
    2008-09-09    12:16:31:142     640    ebc    Agent      *   UpdateId = {BD316B9D-C132-493A-A09F-4AE455815A97}.100
    2008-09-09    12:16:31:142     640    ebc    Agent      *     Bundles 1 updates:
    2008-09-09    12:16:31:142     640    ebc    Agent      *       {608E02A5-B829-4FE9-B05B-A7DA16E9D81A}.100
    2008-09-09    12:16:35:507     640    12c8    Report    REPORT EVENT: {4A4E43D9-DBF5-457C-AD14-48A3DE0F4D87}    2008-09-09 12:16:30:507+0100    1    162    101    {BD316B9D-C132-493A-A09F-4AE455815A97}    100    0    AutomaticUpdates    Success    Content Download    Download succeeded.
    2008-09-09    12:16:49:377     640    ebc    DnldMgr    Preparing update for install, updateId = {608E02A5-B829-4FE9-B05B-A7DA16E9D81A}.100.
    2008-09-09    12:16:49:387    4492    b58    Misc    ===========  Logging initialized (build: 7.0.6001.18000, tz: +0100)  ===========
    2008-09-09    12:16:49:387    4492    b58    Misc      = Process: C:\Windows\system32\wuauclt.exe
    2008-09-09    12:16:49:387    4492    b58    Misc      = Module: C:\Windows\system32\wuaueng.dll
    2008-09-09    12:16:49:386    4492    b58    Handler    :::::::::::::
    2008-09-09    12:16:49:387    4492    b58    Handler    :: START ::  Handler: Command Line Install
    2008-09-09    12:16:49:387    4492    b58    Handler    :::::::::
    2008-09-09    12:16:49:387    4492    b58    Handler      : Updates to install = 1
    2008-09-09    12:16:55:762    4492    b58    Handler      : Command line install completed. Return code = 0x00000000, Result = Succeeded, Reboot required = false
    2008-09-09    12:16:55:763    4492    b58    Handler    :::::::::
    2008-09-09    12:16:55:763    4492    b58    Handler    ::  END  ::  Handler: Command Line Install
    2008-09-09    12:16:55:763    4492    b58    Handler    :::::::::::::
    2008-09-09    12:16:55:918     640    11c0    AU    >>##  RESUMED  ## AU: Installing update [UpdateId = {BD316B9D-C132-493A-A09F-4AE455815A97}, succeeded]
    2008-09-09    12:16:56:063     640    ebc    Agent    *********
    2008-09-09    12:16:56:063     640    11c0    AU    Install call completed.
    2008-09-09    12:16:56:063     640    ebc    Agent    **  END  **  Agent: Installing updates [CallerId = AutomaticUpdates]
    2008-09-09    12:16:56:063     640    11c0    AU      # WARNING: Install call completed, reboot required = No, error = 0x00000000
    2008-09-09    12:16:56:063     640    ebc    Agent    *************
    2008-09-09    12:16:56:063     640    11c0    AU    #########
    2008-09-09    12:16:56:063     640    11c0    AU    ##  END  ##  AU: Installing updates [CallId = {F50FECC8-4B24-4154-9100-1DE824E2CEFE}]
    2008-09-09    12:16:56:063     640    11c0    AU    #############
    2008-09-09    12:16:56:063     640    11c0    AU    Install complete for all calls, reboot NOT needed
    2008-09-09    12:16:57:303     640    1328    AU    Triggering Offline detection (non-interactive) non-default
    2008-09-09    12:16:58:803     640    1328    AU    Triggering Offline detection (non-interactive)
    2008-09-09    12:16:58:803     640    bec    AU    #############
    2008-09-09    12:16:58:803     640    bec    AU    ## START ##  AU: Search for updates
    2008-09-09    12:16:58:803     640    bec    AU    #########
    2008-09-09    12:16:58:809     640    bec    AU    <<## SUBMITTED ## AU: Search for updates [CallId = {E8FCAB0E-A65A-496B-A883-8E469C18D533}]
    2008-09-09    12:16:58:809     640    12c8    Agent    *************
    2008-09-09    12:16:58:809     640    12c8    Agent    ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2008-09-09    12:16:58:809     640    12c8    Agent    *********
    2008-09-09    12:16:58:810     640    12c8    Agent      * Online = No; Ignore download priority = No
    2008-09-09    12:16:58:810     640    12c8    Agent      * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
    2008-09-09    12:16:58:810     640    12c8    Agent      * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}
    2008-09-09    12:16:58:824     640    bec    AU    AU received handle event
    2008-09-09    12:17:00:556     640    12c8    Agent      * Found 0 updates and 15 categories in search; evaluated appl. rules of 149 out of 169 deployed entities
    2008-09-09    12:17:00:556     640    12c8    Agent    *********
    2008-09-09    12:17:00:556     640    12c8    Agent    **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
    2008-09-09    12:17:00:556     640    12c8    Agent    *************
    2008-09-09    12:17:00:557     640    11c0    AU    >>##  RESUMED  ## AU: Search for updates [CallId = {E8FCAB0E-A65A-496B-A883-8E469C18D533}]
    2008-09-09    12:17:00:557     640    11c0    AU      # 0 updates detected
    2008-09-09    12:17:00:557     640    11c0    AU    #########
    2008-09-09    12:17:00:557     640    11c0    AU    ##  END  ##  AU: Search for updates [CallId = {E8FCAB0E-A65A-496B-A883-8E469C18D533}]
    2008-09-09    12:17:00:557     640    11c0    AU    #############
    2008-09-09    12:17:00:918     640    12c8    Report    REPORT EVENT: {76B59DB2-28AE-488B-A414-2EDFCBE53C2A}    2008-09-09 12:16:55:918+0100    1    183    101    {BD316B9D-C132-493A-A09F-4AE455815A97}    100    0    AutomaticUpdates    Success    Content Install    Installation Successful: Windows successfully installed the following update: Definition Update for Microsoft Forefront Client Security (Antimalware 1.43.219.0)

    • Edited by Mike Johnson1 Tuesday, September 9, 2008 11:29 AM edit text
    Tuesday, September 9, 2008 11:28 AM
  • Hi Mike
    It looks like your updates are coming from WSUS (from the log: 2008-09-09    12:16:21:928     640    12c8    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://server/ClientWebService/client.asmx)

    By default, Windows will check for new updates once a day, at 3am.  If you want a more frequent update schedule, you should create and deploy an FCS policy (FCS can check for updates up to 24x/day).  I see you haven't deployed the MOM agent, so you'd need to install the FCS server (Management and Collection are enough), author a policy, then export it to a file.

    Take the file to the client machine and use "FCSLocalPolicyTool.exe" (found on the FCS media) to import the policy to the client machine

    Hope this helps
    Chris
    Forefront Client Security PM
    Chris Sfanos / Forefront PM
    Thursday, September 18, 2008 5:02 PM
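
The check the replies describe (reading WindowsUpdate.log for the server the client talked to), written out as an added example that is not part of the thread. It assumes the WSUS host name is passed in by the administrator (`server`, as it appears in the posted log), uses a short suffix list for Microsoft-hosted endpoints, and runs on constructed sample lines modelled on the log above with the file name and job ID replaced by placeholders.

```python
import re
from urllib.parse import urlsplit

# Windows Update Agent service IDs; both appear in the log posted in this thread.
SERVICE_IDS = {
    "3da21691-e39d-4da6-8a4b-b43877bcb1b7": "WSUS",
    "7971f918-a847-4430-9279-4a52d1efe18d": "Microsoft Update",
}
# Host suffixes counted as Microsoft-hosted (assumption: adjust to your environment).
MS_SUFFIXES = ("windowsupdate.com", "update.microsoft.com")
# Log fields: date, time, PID, TID, component, message.
LINE = re.compile(r"^\s*\S+\s+(\d\d:\d\d:\d\d):\d{3}\s+\d+\s+[0-9a-f]+\s+(\S+)\s+(.*)$", re.I)
URL = re.compile(r"(?:Server URL = |Downloading from )(https?://[^\s,]+)")
SVC = re.compile(r"ServiceId = \{([0-9a-f-]{36})\}", re.I)


def classify_host(host, wsus_hosts):
    host = host.lower()
    if host in wsus_hosts:
        return "WSUS"
    # Match whole DNS labels only, so "notwindowsupdate.com" is not accepted.
    if any(host == s or host.endswith("." + s) for s in MS_SUFFIXES):
        return "Microsoft Update"
    return "unknown"


def update_sources(log_text, wsus_hosts):
    """Return (time, phase, endpoint, origin) for each sync or download entry."""
    wsus_hosts = {h.lower() for h in wsus_hosts}
    found = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) not in ("PT", "DnldMgr"):
            continue
        when, component, msg = m.groups()
        phase = "sync" if component == "PT" else "download"
        url = URL.search(msg)
        if url:
            host = urlsplit(url.group(1)).hostname or ""
            found.append((when, phase, host, classify_host(host, wsus_hosts)))
        elif (svc := SVC.search(msg)):
            sid = svc.group(1).lower()
            found.append((when, phase, sid, SERVICE_IDS.get(sid, "unknown")))
    return found

# Constructed sample (placeholders: example.exe, {JOB-ID}); the proxy line is ignored.
SAMPLE = r"""
2008-09-09    12:16:21:928     640    12c8    PT      + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://server/ClientWebService/client.asmx
2008-09-09    12:16:27:134     640    12c8    DnldMgr      * Priority = 3, Interactive = 1, Owner is system = 1, Explicit proxy = 0, Proxy session id = 1, ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}
2008-09-09    12:16:27:142     640    12c8    DnldMgr    BITS job {JOB-ID} using proxy = server:8080, bypass = <local>
2008-09-09    12:16:27:145     640    12c8    DnldMgr      * Downloading from http://www.download.windowsupdate.com/msdownload/update/software/defu/2008/09/example.exe to C:\Windows\SoftwareDistribution\Download\example (full file).
"""

if __name__ == "__main__":
    for row in update_sources(SAMPLE, {"server"}):
        print(row)
```

Detection ("sync") and content download are logged as separate steps and can name different endpoints, so both phases need checking before concluding where the definitions came from.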